kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,934 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

424 Commits

Author SHA1 Message Date
Ole Markus With b9212f85ad Add addon for aws node termination handler 2020-09-17 21:09:28 +02:00
Ciprian Hacman 0eb626fcdd Release 1.19.0-alpha.4 2020-09-16 11:37:38 +03:00
Ole Markus With b8bc6d35b8 Force external cloud controller manager on OS 2020-09-15 18:49:51 +02:00
Kubernetes Prow Robot 58092b5666
Merge pull request #9925 from olemarkus/cas-fixes 
Add missing flags to cluster autoscaler template
 2020-09-13 00:58:57 -07:00
Ole Markus With 2b5950c24c Add missing flags to template 2020-09-12 08:24:29 +02:00
Kubernetes Prow Robot 036ea69525
Merge pull request #9352 from justinsb/irsa_with_public 
Simplified form of IAM Roles for ServiceAccounts
 2020-09-09 22:23:44 -07:00
Chris Loukas 65610dbcee Update NodeLocalDNSConfig with Mem/CPU requests 
Add NodeLocalDNS.CPURequest and NodeLocalDNS.MemoryRequest to
configure resource requests.

If not explicitly set, fall back to 25m and 5Mi
 2020-09-09 18:40:14 +03:00
Justin SB a61ecf4c58 Refactor to use interface for iam Subjects 
Hat-tip to johngmyers for the idea!
 2020-09-09 09:57:07 -04:00
Justin SB 8498ac9dbb Create PublicJWKS feature flag 
This should be much easier to start and to get under testing; it only
works with a load balancer, it sets the apiserver into anonymous-auth
allowed, it grants the anonymous auth user permission to read our jwks
tokens.  But it shouldn't need a second bucket or anything of that
nature.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-09-09 09:57:06 -04:00
Ole Markus With 886b4c97cb Don't explicitly set insecure-bind-address on newer k8s 2020-09-09 11:41:51 +02:00
Kubernetes Prow Robot bac4afa3e5
Merge pull request #9871 from olemarkus/cilium-upgrades-sept-2 
Bump cilium to 1.8.3
 2020-09-05 09:15:41 -07:00
Ole Markus With 3ac61c7ea9 Bump cilium to 1.8.3 2020-09-05 10:47:48 +02:00
Ole Markus With a0e9fab104 Implement cluster autoscaler as bootstrap addon 
Use provider-agnostic node definition for cas instead of aws auto-discovery

Validate clusterAutoscalerSpec

Add spec documentation

Add cas docs

Make CRDs

Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>

Add enabled flag to cas config

Apply suggestions from code review

Co-authored-by: Guy Templeton <guyjtempleton@googlemail.com>

Add support for custom cas image

Support more k8s versions

Use full image names
 2020-09-03 09:52:13 +02:00
Ole Markus With 715e46d58e Upgrade cilium versions 2020-08-31 12:01:03 +02:00
Justin SB 786423f617 Expose JWKS via a feature-flag 
When the PublicJWKS feature-flag is set, we expose the apiserver JWKS
document publicly (including enabling anonymous access).  This is a
stepping stone to a more hardened configuration where we copy the JWKS
document to S3/GCS/etc.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-08-30 10:15:11 -04:00
Kubernetes Prow Robot b00f8049b6
Merge pull request #9808 from hakman/kope-to-k8s.gcr.io 
Pull images from k8s.gcr.io/kops instead of docker.io/kope
 2020-08-26 07:18:05 -07:00
Justin SB b158ffab04 Refactor: KopsModelContext embeds IAMModelContext 
go syntax makes this an annoying change, unfortunately.
 2020-08-25 11:22:34 -04:00
Ciprian Hacman a4ff90205a Pull images from k8s.gcr.io/kops instead of docker.io/kope 2020-08-25 08:04:36 +03:00
Peter Rifel dd75c1ed91
make apimachinery crds gomod, update-expected.sh 2020-08-24 10:58:09 -05:00
Kubernetes Prow Robot 9cb6797f67
Merge pull request #9801 from hakman/release-1.19.0-alpha.3 
Release 1.19.0-alpha.3
 2020-08-24 08:53:41 -07:00
Peter Rifel 7d9f0a06cf
Update API slice fields to not use pointers 
This is causing problems with the Kubernetes 1.19 code-generator.
A nil entry in these slices wouldn't be valid anyways, so this should have no impact.
 2020-08-24 07:46:38 -05:00
Ciprian Hacman 2d61ab0876 Bump kops to v1.19.0-alpha.3 2020-08-23 12:07:44 +03:00
Ciprian Hacman 537ad60191 Add support for containerd v1.4.0 2020-08-18 10:04:18 +03:00
Peter Rifel 4d9f0128a3
Upgrade to klog2 
This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.
 2020-08-16 20:56:48 -05:00
John Gardiner Myers c5871df319 Get kubelet certificate from kops-controller 2020-08-15 10:30:20 -07:00
Kubernetes Prow Robot 96ab8423b1
Merge pull request #9566 from hakman/arm64-images 
Add ARM64 support for masters
 2020-08-14 20:46:17 -07:00
Ole Markus With 25d98796e2 Add cinder plugin 2020-08-11 10:15:12 +02:00
Ciprian Hacman c51a811c21 ARM64 support - Update expected tests output 2020-08-10 13:47:07 +03:00
Ciprian Hacman 172031859d ARM64 support - Build multi-arch images 2020-08-10 13:47:07 +03:00
Justin SB c64abd4301 Release 1.19.0-alpha.2 2020-07-31 07:59:05 -04:00
John Gardiner Myers 8258dcd395 Exempt OpenStack from the EnableExternalCloudController feature flag 2020-07-25 13:12:25 -07:00
John Gardiner Myers ac13557e03 Add missing lifecycle to etcd keypair tasks 2020-07-11 22:27:53 -07:00
Ciprian Hacman 06df2cc123 Re-enable disk based evictions for Kubernetes 1.19 2020-07-09 19:36:11 +03:00
John Gardiner Myers 479b4860e8 Remove deprecated function 2020-07-06 22:48:01 -07:00
Kubernetes Prow Robot 0c62641dad
Merge pull request #9354 from johngmyers/refactor-certs-2 
Continue refactoring certs into nodeup
 2020-07-06 17:13:57 -07:00
Kubernetes Prow Robot a97fc42666
Merge pull request #9491 from johngmyers/nodeport-dns 
Default ClusterDNS appropriately when NodeLocalDNS is enabled
 2020-07-05 22:28:50 -07:00
Kubernetes Prow Robot b944b6973c
Merge pull request #9495 from hakman/docker-specific-flags 
Use kubelet docker-specific flags only for Docker
 2020-07-05 12:44:49 -07:00
Ciprian Hacman 69511a998e Use kubelet docker-specific flags only for Docker 2020-07-05 07:57:10 +03:00
Justin SB 591626af3c Release 1.19.0-alpha.1 2020-07-04 21:46:14 -04:00
John Gardiner Myers 004f7b578f Default ClusterDNS appropriately when NodeLocalDNS is enabled 2020-07-03 16:57:03 -07:00
Ole Markus With 53f670aeb0 Rebase with master 2020-07-03 08:39:43 +02:00
Ole Markus With 263172caac Use new templates for cilium 1.8 2020-07-03 07:56:35 +02:00
Rodrigo Menezes 627b71557e Fix where etcd-cluster-spec is writen when etcd's BackupStore is defined - v2 2020-07-02 00:01:43 -07:00
Ciprian Hacman a7c8d2087c Use github.com/blang/semver/v4 2020-07-01 08:54:42 +03:00
John Gardiner Myers d2e270c844 update-expected.sh 2020-06-28 23:12:13 -07:00
Justin SB 74c787b598 NodeLocalDNS config population: small tweaks 
Minor tweaks to the code-style when filling out the NodeLocalDNS
config, just to make it more consistent.
 2020-06-16 16:23:38 -04:00
Kubernetes Prow Robot eb39ab7349
Merge pull request #9355 from johngmyers/move-port 
Move host-network services off of port 8080
 2020-06-16 09:10:04 -07:00
John Gardiner Myers 747aa6e8c4 Revert "Fix kube-apiserver-healthcheck image" 
This reverts commit 7e52f223
 2020-06-16 07:39:53 -07:00
Kubernetes Prow Robot 2a73c9dd73
Merge pull request #9334 from hakman/docker-selinux 
Add "--selinux-enabled" flag for Docker
 2020-06-15 22:52:04 -07:00
Kubernetes Prow Robot dc0c219727
Merge pull request #9360 from johngmyers/remove-baremetal 
Remove the baremetal cloud provider
 2020-06-15 21:11:57 -07:00
Kubernetes Prow Robot 06840579c2
Merge pull request #9359 from coreypobrien/fixkubeapihealthimage 
Fix kube-apiserver-healthcheck image
 2020-06-15 11:59:57 -07:00
John Gardiner Myers 0d74344a43 Remove the baremetal cloud provider 2020-06-14 10:38:29 -07:00
Corey O'Brien 7e52f223eb Fix kube-apiserver-healthcheck image 2020-06-14 12:55:22 -04:00
John Gardiner Myers 4bf8302f14 Move kube-apiserver-healthcheck to port 3990 2020-06-12 22:00:14 -07:00
Ciprian Hacman 0b1f01be25 Set the default log level for Docker to "info" 2020-06-12 06:19:09 +03:00
Ole Markus With e09365b6c2 Validate cilium version 2020-06-11 07:38:14 +02:00
Ole Markus With 39751cfe63 Set cilium defaults in code 2020-06-11 07:38:13 +02:00
Ciprian Hacman dc79e31a2c Use Docker 19.03.11 for Kubernetes 1.17+ 2020-06-09 18:16:06 +03:00
Ciprian Hacman 87ad779c76 Disable disk based evictions for Kubernetes 1.19 2020-06-08 11:13:23 +03:00
Ciprian Hacman f34a13a8f0 Disable disk based evictions for Kubernetes 1.19 2020-06-08 11:11:44 +03:00
Kubernetes Prow Robot 9e4bf1699a
Merge pull request #9216 from hakman/prepare-multi-arch 
Prepare Kops for multi-architecture support
 2020-06-04 21:35:43 -07:00
John Gardiner Myers 2b81bad20e Remove reference to Jessie 2020-06-04 12:13:54 -07:00
John Gardiner Myers e88e0cf7ec Remove code supporting dropped k8s versions 2020-06-04 12:11:51 -07:00
Kubernetes Prow Robot 4fe5ad03f8
Merge pull request #9255 from olemarkus/romana-remove 
Remove romana support
 2020-06-03 13:24:59 -07:00
Ciprian Hacman d049862cff Make architecture related decisions to nodeup 2020-06-03 17:24:01 +03:00
Ciprian Hacman 33c242c896 Use multi-arch image for pause container 2020-06-03 17:17:32 +03:00
Ciprian Hacman a7c9ef9ff0 Use Docker 19.03.11 for Kubernetes 1.18+ 2020-06-03 12:03:56 +03:00
Ole Markus With 991549a5f4 Remove support for Romana 2020-06-03 08:23:53 +02:00
Kubernetes Prow Robot d55e28f0ab
Merge pull request #9237 from hakman/etcd-manager-update 
Update etcd-manager to 3.0.20200531
 2020-06-01 08:29:56 -07:00
Ciprian Hacman 564d3d4ddc Update etcd-manager to 3.0.20200531 2020-06-01 13:08:59 +03:00
Ole Markus With 7342525872 Remove vsphere from kops files 2020-05-30 13:36:55 +02:00
Justin SB bb8c6b9fbe Update etcd-manager to 3.0.20200527 
Changes since 3.0.20200429:

* Use env vars to customize backup retention
* Use next attachment point when device already in use
* Simplify uploading backups
 2020-05-27 01:44:18 -04:00
Kubernetes Prow Robot bfd65ae589
Merge pull request #9157 from olemarkus/networking-cleanup 
Networking cleanup
 2020-05-24 07:03:10 -07:00
Kubernetes Prow Robot e6d73b5ba0
Merge pull request #9135 from justinsb/gce_no_hostname_no_worries 
GCE: don't rely on hostname being correct
 2020-05-22 17:43:10 -07:00
Ole Markus With b3505030c3 Fix containerd test 2020-05-22 09:56:19 +02:00
Ole Markus With fc0f7f237c Fix UsesKubenet call in containerd.go 2020-05-22 09:14:36 +02:00
Ole Markus With eebb605c9c Remove as much of the classic networking logic as we can 2020-05-22 08:08:58 +02:00
Ole Markus With d1ff25bb4e Remove some rather long networking nil checks 2020-05-22 08:08:58 +02:00
Kubernetes Prow Robot 2c899d859a
Merge pull request #9104 from hakman/containerd-kubenet 
Add support for Kubenet with containerd
 2020-05-21 22:20:38 -07:00
John Gardiner Myers 8a6d29cd40 Remove support for reading legacy-format keypairs 2020-05-20 13:28:13 -07:00
Ciprian Hacman 9d666c73bc Use components.UsesKubenet to check if Kubenet is required 2020-05-19 20:43:33 +03:00
Justin Santa Barbara 35c6056fb2 Create golden image test for nodeup kube-apiserver 
The building of the manifests for nodeup tasks can be a little opaque;
create a test to verify and expose what is happening.
 2020-05-18 06:42:16 -04:00
Justin SB 5ed11fd9c7 GCE: don't rely on hostname being correct 
Distros that use systemd for DHCP often don't have the hostname
correct, due to e.g. the requirement for policy kit.

We don't rely on it being set correctly on other clouds; no real
reason to require it on GCP either!
 2020-05-17 15:20:58 -04:00
Ciprian Hacman e608cd5265 Add support for Kubenet with containerd 2020-05-12 17:20:59 +03:00
Justin Santa Barbara 8db0017e62 kube-apiserver-healthcheck: actually enable on 1.17 
We cherry picked the support to 1.17, but now we need to activate the
feature.
 2020-05-08 13:32:22 -04:00
Justin SB 75fd939a62
kube-apiserver: healthcheck via sidecar container 
kube-apiserver doesn't expose the healthcheck via a dedicated
endpoint, instead relying on anonyomous-access being enabled.  That
has previously forced us to enable the unauthenticated endpoint on
127.0.0.1:8080.

Instead we now run a small sidecar container, which
proxies /healthz and /readyz requests (only) adding appropriate
authentication using a client certificate.

This will also enable better load balancer checks in future, as these
have previously been hampered by the custom CA certificate.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-05-07 08:06:52 -04:00
Ciprian Hacman 78de18a803 Update k8s.gcr.io/pause image to version 3.2 2020-05-01 22:12:42 +03:00
Justin SB 35a42c37e4 Add etcd 3.3.17 to supported etcd version list 2020-04-30 01:35:50 +00:00
Justin Santa Barbara 3f77222cf3 Update to etcd-manager 3.0.20200429 
Adds support for new AWS regions

Full changes

* Upgrade aws-sdk-go [#320](https://github.com/kopeio/etcd-manager/pull/320)
* Release notes for 3.0.20200428 [#319](https://github.com/kopeio/etcd-manager/pull/319)
 2020-04-29 08:33:19 -04:00
Justin Santa Barbara eb3ef1a9bb Update to etcd-manager 3.0.20200428 
Contains the workaround for 1-year certificate expiry.

Full changes

* Release notes for 3.0.20200307 [#303](https://github.com/kopeio/etcd-manager/pull/303)
* Add support for etcd 3.3.17 [#304](https://github.com/kopeio/etcd-manager/pull/304)
* Adding client usage extension for server cert (#305) [#306](https://github.com/kopeio/etcd-manager/pull/306)
* Add a check to renew certificates on startup if they expire in 60 days or less [#309](https://github.com/kopeio/etcd-manager/pull/309)
* Try github actions [#310](https://github.com/kopeio/etcd-manager/pull/310)
* Upgrade bazel to 2.2.0 [#311](https://github.com/kopeio/etcd-manager/pull/311)
* Update to go 1.13.10 [#314](https://github.com/kopeio/etcd-manager/pull/314)
* Bazel: update dependency [#316](https://github.com/kopeio/etcd-manager/pull/316)
* e2e tests should wait for cluster readiness [#318](https://github.com/kopeio/etcd-manager/pull/318)
* Remove old bazel versions from travis [#317](https://github.com/kopeio/etcd-manager/pull/317)
* Always renew certificates [#313](https://github.com/kopeio/etcd-manager/pull/313)
 2020-04-28 09:15:02 -04:00
Ciprian Hacman 3de48dad8b Add support for containerd v1.3.4 2020-04-20 06:11:37 +03:00
Martin Tomes 462ca78f2a Import package aliases modified 
Modified api -> kopsapi aliases of imports of k8s.io/kops/pkg/apis/kops
 2020-04-17 16:55:08 +02:00
Kubernetes Prow Robot 982496c539
Merge pull request #8930 from justinsb/enabled_to_pointer 
Change NodeLocalDNS Enabled to *bool
 2020-04-16 21:55:06 -07:00
Justin Santa Barbara f3a40cf87c Change NodeLocalDNS Enabled to *bool 
As discussed in #8780 so we differentiate between false and not-set.
Also tweak the comment.
 2020-04-17 00:09:35 -04:00
Ole Markus With 869ab75dea Use etcd-manager for the cilium etcd cluster 2020-04-16 08:42:59 +02:00
Ole Markus With d5019a6c11 Simplify the spec and templates a bit 2020-04-10 10:48:21 +02:00
Salvatore Mazzarino f754cbda7d NodeLocal DNSCache 
Signed-off-by: Salvatore Mazzarino <dev@mazzarino.cz>
 2020-04-10 10:44:53 +02:00
Ciprian Hacman 73903bcb3d Remove support for unreleased Docker 19.03.7 2020-04-06 17:34:59 +03:00
Ciprian Hacman 5c8cc493af Set default log level to "info" for containerd 2020-03-22 20:53:58 +02:00
Ciprian Hacman 99bec7e9a0 Use containerd 1.2.13 with Docker 19.03.8 2020-03-16 08:03:35 +02:00